
You are absolutely sure that the VHDL compiler they used to cook up the masks for all the chippery or the microcode for your CPU is not compromised? That Japanese factory making the tantalums didn't place a transmitter inside?

I'd say you can't. Even if you buy Intel, you can't. Even if you could build a trustworthy AI capable of holding all of Intel's design information in its head and simulate its operation with quantum-level resolution, you can never be sure. Because you would be long dead before it was done. There simply isn't enough time in the universe to x-ray every component, check every single bit, verify all code and confirm that all of the design tools are not lying or hiding information.

You have to assume that the operation is compromised and then work out what the consequences are and how to mitigate this.

Re: It's nice to know ...

Re: Hmm...

A devious nation state would use the access to search for competent people with security clearance and have it revoked - slowly ablating the capabilities of the enemy; Judging from the last decade or so of American foreign policy it seems to be exactly what is going on.

Didn't Neutron Jack Welch himself recently get religion and declare Shareholder Value the dumbest idea anyone had since Apartheid - or something?

Anyway, the C-class of today is all about how much Shareholder Value they can transfer to their own numbered accounts in Zürich. Efficiency is not an issue. Probably the "Plan-Cxx" is that if they can burn the investors to the ground while extracting Shareholder Value, then there will be less money to pay the lawyers with when they get sued, thereby the frauds can obtain a better no-fault settlement out of court.

Below is an example of typical "best practice" from the C-segment these days:

Re: Just for a laugh...

Oh - they did already.

That's the real reason why Nixon cancelled the moon program after realising how insanely dangerous that game was becoming with active portals to God-does-actually-not-want-to-know sitting around in space. But, the clincher was the evil technology found in an abandoned temple on the lunar surface by the Apollo XVIII crew; their sealed copper-iridium caskets and the artefacts are secured with a Cobalt-60 source supplemented by an armed thermonuclear device deep inside the vaults of Yucca Mountain Nuclear Waste Repository.

Of course they then had to store the nuclear waste somewhere else, but the waste is magnitudes less dangerous than the recovered artefacts and the ... "deceased" crew members.

How would we know?

According to my understanding of Max Tegmark's book, "Our Mathematical Universe", we may exist in an infinite universe where the wave-function does not collapse - a multiverse.

Creating a black hole that destroys the earth is a quantum event, and, since the wave-function contains all possible states of all possible universes, never collapses, we do not notice this event because we happen to be inside one of an infinite number of universes where the earth didn't get destroyed - we just get a little bit more unlikely each time the earth is destroyed by CERN (or Launch on Warning Nuclear Insanity) so what we experience is the world getting stranger as it becomes more unlikely.

Re: So...

So just give us El Reg readers an Ultra geek mode

That would be "Windows Server 2008"; the 2012 version has those filthy tiles shat all over it - Microsoft has really lost the plot this time. At least during the Vista fiasco the Server Editions provided an escape hatch for gamers and other people willing to pay up and now that is being bricked up and tiled over!

Re: I don't think these guys understand...

"What this cert is for": It's just some parasitic business trying to carve out a place for itself inside a running value chain where it can then extract rent from the flow; nobody cares about the application or usefulness of this "certification" - if money comes in for doing it and sticking a sticker on a certain brand of hardware for ever, then it "works".

We see a lot of similar business models these days. Value creation must be under some pressure.

I really don't care much. I made like 15000 EUR "on call" one year *just* because the muppet java developers:

a) think it is exceptionally clever to use MySQL instead of syslog for logging,

b) think that "java.util.logging" still needs to log to a flat file in a place that syslog doesn't know about,

c) think that MySQL replication == backup,

d) believe that adding a new framework is always better than writing 100 lines of Java source code,

e) leaving the old one(s) in place when adding a new framework (since no-one is there long enough to find a person who remembers what the old stuff is supposed to be doing),

And dum-dum Managers, who couldn't manage to run a fast food joint into the ground:

f) think it is "too expensive" to fix the code, mainly because "On-call time" is just Hours and all employee hours are Free, because if not used deleting files and chocking dead databases back to life the slobs would just do something else, not work-related with their time, thus wasting it.

h) have KPIs tracking the extent that developer-hours are billed to customer accounts and linked to customer requirements (The "needle" is pinned at 100%, nobody questions "why").

You will, once technological progress makes the process to discover your infringement and collect the license fee cheap enough, then it becomes a viable business model and someone will offer it as a service, like parking fees.

The trick for the "service provider" is to not end up in court so no ruling is made whether they are actually entitled to collect.

... but you can bet that the rest of the world will not follow suit and allow large multinationals to squeeze genuine innovators out of the market in favor of perpetual monopolization.

I bet that the politicians will sign us up for exactly that, first with the TTIP guaranteeing a right to profits for corporations and then we will see "infringement-bots" doing deep traffic inspection disguised as "fighting piracy / child porn / drugs / terrorism / instability" on *any* thoughts, ideas, creative works, et cetera, exchanged on any medium readable by machines.

"Fair Use" will come to mean that nation states will have to pay compensatory damages for traffic that contains any scrap of IP *claimed* to be owned by corporations - or face arbitration (not court). Claims will be initiated automatically, disputing claims is - of course - a manual process. The DMCA is just the beginning, the beta-run perhaps, of the future.

Re: Displaced workers

Put those increasing GMO crop yields to work for you.

Won't Work. Monsanto will send sniffer drones round to check your crop out for their Intellectual Property. Then their AI lawyers will send "cease and desist notices". And since you can't pay the license fees without money, other drones will then spray your crop with Agent Orange!

Re: Cost Benefit Analysis?

What's the benefit to the nation of smart meters?

Not the nation. The benefit is for the privatised energy companies and "market makers", since once there is an actively traded market for electricity - which is what all these "smart meters" will be doing on behalf of subscribers - a new crop of financial parasites can be collecting transaction fees - or just go full ENRON: Buy up electrical futures, then "service" a major power station.

Stephen King will presumably be happy & rich - unless the kindle tracks that we read King's double-brick-tomes the same way as the poems and songs in the works of Tolkien: "Yada-yada-yada ..wtf?.. flip, flip, flip, more yada ... finally, 27 pages later ... Oh ..... The Story continues ... Wonderful!"

Re: Prioties

Who *knows* that the Chinese *actually* "hacked into ..."?

Would it not be easier that the Chinese simply asked for a little favour in return for something. Perhaps a password or even a private VPN to the inside of the firewall from some of the rice-bowl-a-day techies at the outsourced data processing facility in Bangalore or whatever - 1500 quid will go a long way in the 3rd world and it's not that the techies are any dumber "there" than "here", they also know that their job can always go to a cheaper place, so .... What Loyalty, Exactly!

There is also the problem that China trains and educates 250000 engineers per year; it would be strange if not 2500 of these are really good, 250 of those really love their country above all others and maybe 100 of these travel to "The West" to work at leading tech businesses.

Re: Kind of a shame, really...

OTOH - If I buy something based on glowing 5-star reviews and it's crap, then I am going to be disappointed and UN-appreciative of Amazon juicing the reviews further to boost sales.

The negative reviews just seem much more truthful, because they often provide details and humour and irony. Contrarily, the "positive, very helpful" reviews are very often bland and generic, with no specific things the "purchaser" liked, and did not like so much, about the product, book, whatever: "This product(sic!) is absolutely wonderful blah, blah", so this we don't trust, of course. If a product has no negative, cranky, reviews, then nobody living bought it - is my hypothesis.

PS:

Even I can write a Selenium bot to "upvote" reviews, so I would guess that everyone on the planet is already doing it.

PPS:

If you are an author and give a shit about what someone random on the internet writes about your work, then you need to do a lot more writing and less posing; even your mum doesn't like everything you do!

Re: What a load of crap posted here

Great!

I have an entry position for a dynamic young intern willing to prove their ability to work towards exacting standards.

You will start on Monday, you will not get paid until after September and only on the condition that your work satisfies my requirements. Your first tasks will be painting the house and mowing the lawn twice a week (of course you have to bring paint, tools, petrol any protective gear and take out a life insurance to benefit my company - just in case you break your damn neck and I have to hire a professional to finish the paint job).

One just can't get staff these days, so I am happy to hear that someone, somewhere is flexible and conscious of the needs of business.

Re: What ticks me off

This is across the board - anything to do with Google. Filing a bug with google or complaining about anything is next to impossible.

It's the same everywhere. The *only* way past the typical KPI-target of ... "To maintain a high customer satisfaction, there shall be no more than 137 open issues at any one time" ... is when the CEO / CTO has a public twitter account!

If we have millions of customers, how do we satisfy this bonus-enhancing requirement?

We *could* employ qualified and professional support staff and improve the customer support process - but, this sounds like it could be hard and that it might take a while - we could also squeeze the pipeline for customers contacting us down to two 1980's "suction cup" audio-modems communicating via four cans and two strings, which is Fun & Easy (and also warrants an article on Hackaday / Facebook on how kewl, leet and funny people we are in this business).

Metrics Matter - all the way to the point where Metrics is the only thing that actually matters.

... and except for the fact that there is a commercial transaction going on, not anything "pretty much like" something else.

We can look forward to some sad stories of Über-car crashes where the insurance policy will not pay up because a business insurance policy is required. Laws are there to make these things simple and reliable due to past experiences and excesses. Well, if another round is what it takes then at least one can hope that many libertarians get it ;-)

Re: @streaky

Sure, if you don't care about killing tens or hundreds of thousands of civilians in the process

I think we ought to care about as much about these people that we cared for the Germans, Japanese, Korean, Vietnamese and even the Iraqis. The IS guys are still running around in Toyota-parades, which must light up every sensor-system known to man, and we don't light them up because "civilians"?

In WW2 none of those convoys would have gotten un-strafed away after 1943!

If we haven't got the stomach for war, a.k.a., murdering people on an industrial scale, then we should save 95% of the money spent on the military, because it will just be wasted anyway.

Is there a Kickstarter for that?

Re: Taking Mattel are they?

There is a Philip K. Dick story buried there somehow -

Imagine Google's G-Teddy activating at night, running Mattel's Barbie through the garbage disposal unit; then Mattel ups the stakes with an Iron Man toy - with Lasers - frying G-Teddys. Google responds by ripping off the works of H.P. Lovecraft so now we have Mattel's Avengers battling Goggles Tentacled Horrors from Beyond. The creatures will have several exciting battle hymns and of course be constructed in automated factories that nobody knows the location of.

Re: P2P lending

"Market Friction" is what pays for the free whores & blow offered at those exclusive resorts where the decision makers are invited to seminars on "How deregulation and Zero enforcement is Good for YOU^H^H Society"!

Re: Houses are consumer goods.

The world does not really work that way - sovereign defaults were quite normal up till 1980's or so when it suddenly became "bad form" to soak the creditors.

Eventually the US is going to go for the straight default or some way of printing itself out of the whole, soaking the holders of US securities. When you know that you will run away from the bill, then it is perfectly rational to run the bill as high as possible - all those USD are buying real things; and the flood of money is even pushing up prices so the Chinese and other competitors have to work harder to get the USD they need to pay for their stuff.

The US is not going broke because of the debt, one cannot go broke when one does not have to pay what one owes; the problem in the US is that the economy cannot grow fast enough to support the looting and fraud perpetrated by the CEOs - similar to what happened to the USSR; the ruling elite sets itself up to loot the hell out of the country, after a while the looting is perfected and all value is instantly vacuumed up and squirrelled away in secret accounts, the economy dies. Partly because there is no surplus capital to invest with, partly because everyone stops participating in the sucker game and uses vodka, favours or cash for exchanges.

Re: it's gambling.

Not A Single Thing - Just look at some ISDA statistics, the nominal amount of the world's over-the-counter derivatives (= unregulated junk) just increased during the bailouts meaning that the fu.. er banks were just printing more of the garbage, now that they had the ECB to sell it to!

Re: And the Perpetrators

What most people won't realise is that "government" is working together with crooked businesses for a mere percentage of the loot (and a nice con-sluttant gig later). Law enforcement at this level is pretty much about securing that the looters keep a-looting and closing the door on any emerging competition.

When the mob beats down their front doors, that's when justice is served and we shall of course celebrate with a cognac and a good cigar.

Ryanair would prefer to run the planes without crew and auction off the pilot seat - if they could get insurance cover for the passengers and the plane, they would do it too!

I speculate that the people who like Ryanair are authoritarians, who get pleasure out of "knowing the rules" (and the hideous web site) well enough to avoid getting stuck with some scam / fee and knowing that the crew is paid less than the average PFY working at McD.

Re: Lemmings !

Sure - but - Is there a cable between the in-flight entertainment systems and the flight systems? The references that I could google up don't explain this.

To all those who claim that this is super complicated to hack and this decades old special hardware is very secure - the example below is kind of what "we" are up against. Some people are very clever and very patient!

Which way? If it is via switches and firewalls, then I would not trust the separation to hold - the qualification process guarantees that the installed hardware and software is always *generations* behind The Internet. I read (in Wired, I think) that they (Boeing) wired the entertainment network via plastic junction boxes under the seats. Not very inaccessible.

Separate physical cabling all the way, separate antennas, that might actually work for a while.

Re: No, he did not.

Sure about that?

The presentations that I have seen on AFDX, the Latest and Greatest in COTS control systems for Airbus and Dreamliner, appear to be all Ethernet, with the separation performed by the management system in the switches, f.ex.: http://www.afdx.com/pdf/AFDX_Training_October_2010_Full.pdf

The in-flight internet would come from the same antenna array as the other traffic so there will be a physical connection over some form of VLAN at least - unless people cut another opening in the hull for more antennas specifically for this purpose, which I don't think is considered "cost effective".

Re: Potential use for criminals? My little experience...

I think it is only a matter of time, a short time(!), before someone uses Machine Intelligence to calculate better odds for someone coming to a sticky end than the insurance companies have and then use their insider advantage to (automatically?) invest in life insurance policies on the "risky people".

... from there it is just a small step to "help matters along" by adding other Machine Intelligence(s) giving dodgy advice -

Re: Facebook shill

and where they've combined they are all given a right to speak and make their own points

Which is exactly why the sleazy filth in the unelected European Commission will sign us up for TTIP. We just can't have all this democracy crap stand in the way of businesses' God-given right to a guaranteed profit!

Should I need an AK ...

It is rumoured that one could go to certain drinking dens and perhaps meet some of our "friends" from ex. Yugoslavia that the EU+NATO made all of themselves ... all analogue business; no internet required.

The people who provide these "services", they tend to be conservative and traditional people - who value not being in jail and they appreciate that their business is much safer when the plod spends all of their time sniffing everybody's pr0n and cat-movies.

Shorting is not cost effective in relation to the unlimited risk the shorter assumes.

You get 100x leverage "for free" with standard options with only the risk of your invested capital.

With customised derivatives you can get whatever you like - except that markets are thin and exclusive, so it may be hard to find a sucker to take "the other side" (and since these markets are "unregulated", said sucker may not want to pay up after the event).

In any case, if the board have any clue whatsoever, they would trade via a Belgian number account or Private Broker in London (the biggest pirate-market on the planet). Only incompetents are ever busted for insider trading!

I think that I prefer that the developers do One Thing: Build a Surgeon to be as good, user friendly and safe as they can. Then Security (and QoS) is added by another set of developers - doing just that One Thing.

Building "everything" into one system is exactly what went wrong with SNMPv3 and Java - Security may be baked in, but, it is so complicated to use that it is useless (SNMPv3) or it is so complicated that it is just one huge attack surface (Java).

NETCONF, HTTP, et al. rely on "external" security: VPN, SSH et cetera. This is a *far* better approach IMO - when for example SSH is hacked, it can be Replaced. And everyone understands the common protocols - "baked in" means "customised", which will mean funny exceptions and special cases for all equipment.

Re: Dodgy Product

Re: and the reality is......

"After Hours Trading" is crooked. Everybody knows that the traders set positions to fuck over the idiots who still believe in setting stop-losses and people who are still holding options this close to expiry.

"Analysts Expectations" - haha, these are always set so that the actuals will exceed whatever the guess is, eventually of course the trend turns and then the stock "misses analysts expectations"; it's noise and made-up bullshit but at least one can trade it, "analysts" usually under-shoot 5-6 quarters then miss.

I agree that the preview version of Win10 looks really solid, fast and good. It could even be a great product - IF - it is allowed. Preview Vista looked really great too. I don't know *what* they did to it, but, it sure turned into shit on the release.